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[Claims] 



1. Communication equipment for conducting encryption/authentication 
communications of a layered construct in which a key belonging to a higher layer 
converts a key or data belonging to a lower layer, 

said equipment being provided with a means for setting communication quality 
such that quality of said encryption/authentication communications concerning a higher 
layer is higher than that concerning a lower layer. 

2. The communication equipment as defined in Claim 1 further provided with a 
means for optionally setting communication quality for each layer. 

3. A communication system comprising the communication equipment set forth 
in Claim 1 or 2. 

4. A communication system wherein quality of communication in Claim 1, 2 or 3 
is a parameter defined as a QOS in ATM communications. 

5. A communication method for conducting encryption/authentication 
communications of a layered construct in which a key belonging to a higher layer 
converts a key or data belonging to a lower layer, 

said method being provided with a means for setting communication quality such 
that quality of said encryption/authentication communications concerning a higher layer 
is higher than that concerning a lower layer. 

[Detailed explanation of the invention] 

The present invention pertains to communication equipment, system and method 
for transmitting information such as moving picture data, still picture data, voice data, 
computer data, etc. in a multimedia network. 



A B-ISDN (Broadband-Integrated Services Digital Network), which is expected 
to constitute a main communication infrastructure in the next generation, is a flexible 
network having a greater transmission capacity than existing ISDN and having 
capabilities of providing communication service of a requested transmission capacity 
(within a permissible range of a network resource). A B-ISDN attributes its successful 
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delivery of such advanced services solely to the technology called ATM (Asynchronous 
Transfer Mode). In ATM networks, as in packet switching transmission mode networks, 
cells of a fixed length respectively provided with a header storing a label on which a 
destination is written are transmitted to handle an optional speed and upon reading the 
label, a switching facility conducts switching. Since a packet consists of cells of a fixed 
length, high-speed synchronous communication can be conducted at a physical layer 
level and an optional transfer speed can be secured according to packet transmission 

density. b - 

In order to guarantee secure use of such a communication infrastructure, network 
security technology such as encryption, authentication, etc. is vital. As is publicly known, 
encryption and authentication can be performed by a common key cryptosystem wherein 
the same enciphering key is secretly shared by the sender and the recipient (, which is 
also referred to as a secret key cryptosystem, symmetric cryptosystem, conventional 
cryptosystem, etc.) or a public key cryptosystem wherein one key, usually the 
enciphering key, is made public and a different key, usually the deciphering key, is kept 
secret (as for the details of the respective cryptosystems, see "Contemporary 
cryptography" co-written by Ikeno and Koyama and published by the Electronic 
Information Communication Congress in 1986). Further, various systems for securely 
distributing such keys have been proposed (see, for example, "Encryption and 
information security" co-written by Tsujii and Kasahara and published by Shokodo in 
1990). By utilizing the aforementioned techniques, secure data communications in the B- 
ISDN can be realized. 

[Problems to be solved by the invention] 

With a view to enhancing security in encryption/authentication communication 
such as described above, normally, hierarchically arranged keys as indicated in Fig. 6 are 
employed. However, since all data can be decrypted once an enciphering key is decoded, 
security needs be enhanced by, for example, enciphering a key by means of another key 
belonging to a higher layer or employing a plurality of keys for varying usage (for 
example, a signature key and an enciphering key) to simultaneously perform an 
encryption function and an authentication function. In this case, the encryption function 
may be replaced with a deciphering function, signature function, verification function, etc. 

In Fig. 6, a first key for key encryption is referred to as a master key and a key for 
directly enciphering data is referred to as a work key and the other keys are referred to as 
key encryption keys. Some of the key encryption keys including the master key are 
either distributed to users in advance or public keys accessible by anyone. In the 
meantime, some of the key encryption keys including the work key are either keys set for 
temporary usage by the sender, recipient or organization, etc. in charge of the keys or 
keys to be sent together with data in order to save time for retrieving keys or identifying 
the sender. 

Such keys are usually sent to the recipient together with and/or separately from 
enciphered data or data prefixed with signature. Thus, encryption/authentication 
communication involves not only data communication but also key communication, and 
it should be obvious that security of the communication concerning keys of higher layers 
of the hierarchy in Fig. 6 is more important than that concerning keys of lower layers, 
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because if communication concerning a higher layer of the hierarchy is not reliable 
communication concerning any layers lower than that can hardly be considered to be 
reliable. However, in conventional communications, key information and data 
information concerning the higher layers is not distinguished from that concerning the 
lower layers; or even if they are differentiated according to location of information, etc., 
none of the conventional communication systems proposes differentiation of information 
according on the basis of its significance. 

[Means for solving the problems] - m ^ 

The present invention'has been accomplished with a view to obviating the 

aforementioned problems of the prior art and provides communication equipment, system 

and method capable of conducting communications by utilizing information such as 

significance of data, service, etc. to be transmitted. 

In order to achieve the aforementioned object, the present invention pertains to an 

encryption/authentication communication system for conducting 

encryption/authentication communications of a layered construct where a key belonging 
to a higher layer converts a key or data belonging to a lower layer to effectuate 
communications, said system being provided with a means for setting communication 
quality such that quality of said encryption/authentication communications concerning a 
higher layer is higher than that concerning a lower layer. 

[Embodiment 1] . 

Hereafter, an embodiment of the present invention will be specifically explained 
with reference to the attached drawings. 

Since multimedia communication is conducted in a B-ISDN, the present 
embodiment allows different media to have different traffic characteristics. Therefore, 
different media require different QOS (Qualities of Service). In the case of ATM, cell 
transfer delay, cell delay variation, cell loss rate (CLR), etc. are defined as QOS 
parameters (further study is required for other parameters). 

"Delay" in this context means time that elapses between the instant at which data 
is transmitted and the instant at which the data is received, and "delay variation" means 
dispersion in cell transfer time due to congestion, etc. Since delay variation in image 
transmission causes fluctuation of the number of bits received during a certain period of 
time, it results in flicker on the screen unless the recipient side has sufficient buffer 
memory. Further, when delay becomes substantial in the case of transmission of 
conversational voice data, etc., an echo cancellation problem must be solved. On the 
contrary, when data to be transmitted is text data, etc., neither delay nor delay variation 
causes problems. Still further, cell loss rate (CLR) represents the ratio of the number of 
dropped cells divided by the total number of cells received. Thus, if CLR is high in the 
case of image transmission where data is continuously transmitted without checking then- 
safe arrival at the recipient, a frame drops or noise arises and therefore, CLR affects 
communication quality substantially. It should be obvious that in data compression 
performed based on predictive coding such as MPEG, high CLR could lead to even more 
serious deterioration of image quality. Thus, each QOS parameter has different requested 
requirements according to usage. 

Between a user and the network, QOS requirements are set up as follows. A user 
requests a QOS class from a plurality of QOS classes provided by the network (a QOS 
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class consisting of a combination of several QOS parameters) normally when a 
connection is set up and a traffic contract is entered. At this time, the network determines 
whether the requested traffic does not exceed actual transmission capacity and also 
whether the requested QOS class can be secured, and if the network decides that the 
communication is viable, it informs a terminal accordingly and enters a communication 
mode. In the communication mode, the network maintains the requested QOS and 
guarantees the requested quality as long as the user observes the traffic contract. 

Further, various protocols (communication protocol) are specified for 
communications and a B-ISDN protocol is hierarchized as is indicated in Fig. 7 so that 
addition or change of various functions does not affect the whole. There is a specified 
data transmission agreement between layers. In Fig. 7, the physical layer corresponds to 
a protocol concerning physical media (specifications of a cable and connector, 
construction of a transmission frame, cell insertion, extract function, etc.) and the ATM 
layer corresponds to a protocol for handling multiplexing and exchange of cells common 
to all service. The asynchronous transfer mode adaptation layer (AAL) corresponds to a 
protocol for handling functions dependent on each service and has a plurality of protocols 
set corresponding to each service. The AAL absorbs addition and change of functions of 
the high layer dependent on each service so that it does not affect the basic functions of a 
B-ISDN system. Therefore, conversion of QOS requested by each service to QOS of the 
aforementioned ATM and reverse-conversion of the same is conducted at high layers 
including the AAL 

Thus, in a B-ISDN system, quality of communications can be designated by 
means of QOS. 

Therefore, the present embodiment is provided with a means for setting 
significance (quality) of QOS in accordance with the hierarchy shown in Fig. 6, i.e., a 
means for setting higher quality QOS in terms of cell loss rate, etc. for communications 
concerning higher layers than for communications concerning lower layers, whereby 
communications commensurate with significance of information of encryption / 
authentication communications can be realized. 

Fig. 1 is a flow chart describing an operation of the embodiment of the present 
invention. In the drawing, an example of a means for setting up a connection having 
QOS according to a layer comprises a QOS setting means for requesting/setting QOS and 
a QOS memory means for receiving information about a layer and storing a table of QOS 
corresponding to the layer. A control means such as a CPU, etc. controls the entire 
operation indicated in the flow chart of Fig. 1, including an operation for outputting 
information about a layer. Layer information K in Fig. 1 represents the total number of 
layers in the hierarchy in Fig. 6 and therefore, the highest layer is K, the second highest 
layer being K - 1 and so on. Thus, when a communication request occurs, the means 
shown in Fig. 1 requests and sets up a highest QOS on the assumption that the layer 
information is K. Using the thus established connection, the means conducts key 
encryption and authentication communications by means of the master key of the highest 
layer. Upon completion of the above key encryption and authentication communication, 
the means shown in Fig. 1 closes the connection. Then, the means decrements the layer 
information K by 1 and requests and sets up QOS corresponding to the decremented layer 
information. The means repeats the aforementioned operation until K becomes equal to 0. 
When there is a key that does not require the same communication as the master key 
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requires, however, processing for opening/closing connection as well as 
encryption/authentication communication is omitted. 

On the other hand, when there are no keys other than the master key that do not 
require communications, processing for determining if key communications is necessary 
is omitted. Further, if a few layers correspond to the same QOS, processing for 
opening/closing connection does not have to be repeated for each of the layers. Such a 
change in control as mentioned above can be easily made by changing programming of 
the control means. Further, the present invention can be implemented without the QOS 
memory means if QOS for each layer is programmed in advance. Still further, QOS need 
not rigidly be set for each layer and the present invention may be implemented by 
performing processing such as requesting the highest available QOS in the event of 
communications concerning the highest layer. Still further, QOS for communications 
concerning higher layers need not be of higher quality than those for communications 
concerning lower layers and may be set differently depending on how to set the QOS. 
memory means or how to program the QOS setting means. Since a series of 
communications (spanning a plurality of connections) indicated in Fig. 1 are all related to 
one another, identifiers, etc. can be employed to differentiate communications from one 
another. 

The above is effective for connection-type communications wherein QOS is set at 
the stage for setting up communications. 

[Embodiment 2] 

A B-ISDN system provides not only various QOS but also various connection 
setting modes such as a connection mode wherein a connection is established prior to 
transmission of information, a connectionless mode wherein when send information 
occurs, a connection is established to transmit the information, etc. The aforementioned 
embodiment 1 pertains to a connection mode communication service. The embodiment 2 
pertains to connectionless mode communication service wherein QOS can be changed in 
the midst of communications. 

Fig. 8 shows an example of a configuration of protocols for connectionless mode 
communication service. In the drawing, a CLNAP (Connectionless Network Access 
Protocol) layer is a part of the high layer shown in Fig. 7, where protocols for the 
connectionless mode communication service are implemented. Fig. 9 shows a format of 
a PDU (Protocol Data Unit) at the CLNAP layer. PDU represents a set of data 
designated in protocols at a specified layer whereas SDU represents a set of data 
transmitted by users of services at a specified layer. In this case, QOS is designated as 4- 
bit data in the header of PDU, which is generated in the CLNAP layer. PDU is turned 
into cells or synthesized at the AAL and ATM layers and transmitted via the physical 
layer. Therefore, in the connectionless mode communication service, QOS can be set for 
each PDU. 

Thus, according to the connectionless mode communication service protocol, 
different PDUs are generated at different layers (for different QOSs) and QOS 
corresponding to a layer of encrypted information contained in the PDU is set, whereby 
communications commensurate with significance of information (layer) can be realized. 
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Such connectionless mode communications can be implemented by replacing 
"connection" in Fig. 1 with "PDU". 

Fig. 3 is a conceptual diagram of the embodiment 2 of the present invention. The 
encryption means shown in Fig. 3 receives input data, encrypts the data and transmits the 
thus encrypted information to the QOS setting means and further transmits the layer 
information to the QOS memory means. It is assumed that a key for each user such as a 
master key, etc. is managed by a known key management means. If not (if, for example, 
a key is input through an external card, etc.), the key is input to the encryption means via 
communications, etc. In the meantime, a temporary key such as a work key, etc. is * 
generated by using a known random number generator, operation means, etc. Further, 
encryption by means of the keys is conducted by a known encryption processing means 
and encrypted information output from the encryption processing means is sent to the 
QOS setting means. Since the order of use of the keys is determined in advance in such a 
manner as to correspond to the hierarchy of the keys, the control means provides to the 
encryption processing means a master key, etc. from the key management means (or 
external card, etc.) and a work key, etc. from the random number generator and operation 
means, etc. in compliance with the prescribed order of use of the keys, causes the 
encryption processing means to encrypt input data by using the keys (a work key, etc. 
may constitute data) and sends to the QOS memory means the order of the processing as 
layer information. 

The QOS memory means, which comprises a memory means for storing QOS 
corresponding to layer information in a table, provides the QOS setting means with QOS 
corresponding to the layer information input from the encryption means. The QOS 
setting means sets and outputs the QOS at a predetermined location and/or in a 
predetermined format as output data (predetermined information including the encrypted 
information). 

Next, the embodiment 2 with respect to the recipient side will be explained with 
reference to Fig. 4. 

It is assumed here that the recipient receives communications conducted by the 
means shown in Fig. 1. In Fig. 4, the QOS analysis means resolves the input data into the 
encrypted information and the layer information based on the location of prescribed 
information and format of an identification signal, etc. and sends them to the decoding 
means. If it transpires that the layer information concerns a layer managed by the key 
management means, the control means in the decoding means retrieves the key from the 
key management means, inputs the key to the decoding processing means and decodes 
the encrypted information. Further, if it transpires that the result of the decoding ^ 
corresponds to information about a layer used as a key, the result of the decoding is 
temporarily stored in the key memory means. On the contrary, if it transpires that the 
layer information concerns a layer not managed by the key management means, the 
control means retrieves information constituting a key of the layer from the stored result 
of the decoding and inputs the retrieved information as a key to the decoding processing 
means, which decodes the encrypted information and outputs the thus decoded 
information. However, a key may be generated by the operation means based on the 
result of the decoding. Therefore, it is obvious that the QOS analysis means can be 
implemented by combining a processing means such as a CPU, DSP, etc. with a memory 
means such as RAM, etc., whereas the decoding processing means may be a known 
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decoding processing means corresponding to the encryption processing means in the 
embodiment 1 and the key management means may be a means similar to that of the 
embodiment 1 and the control means may be a processing means such as a CPU, DSP, 
etc. and further, the operation means may be a CPU, DSP, etc. 

Although the above explanation concerns encryption and decryption, encryption 
and decryption may be replaced by signature and verification respectively if 
authentication communications is also involved, whereby authentication^communications 
commensurate with significance of keys can be implemented by employing the same 
means as in the case of encryption communications. Further, in the case of a system for 
conducting both sending and receiving, the means shown in Figs. 3 and 4 may be 
synthesized to prepare a means (program) since the components in Figs. 3 and 4 are 
similar. 

[Embodiment 3] 

The embodiments 1 and 2 represent means for implementing communications 
commensurate with significance of information in connection mode communication 
service and connectionless mode communication service respectively. In the present 
embodiment 3, a communication system including the embodiments 1 and 2 for 
implementing communications commensurate with significance of information will be 
specifically explained with reference to Fig. 5 

It is assumed here that the means of the embodiment 1 are incorporated in the 
sender's terminal and/or the recipient's terminal in Fig- 5 and the number of layers K is 2 
in the hierarchy of Fig. 6, i.e., there are only a master key and a work key. Further, a case 
where in the connection mode communication service, encryption and authentication 
processing concerning keys and data is performed according to the following ID-based 
key sharing system, will be explained below. 

[ID-based key sharing system] 

There is a center for managing the key distribution means. The center receives an 
identifier (ID) such as a name, telephone number, etc. of each entity, generates a secret 
key corresponding to the ID by using a secret algorithm inherent to the center and sends 
the thus generated secret key to each entity, whereby each entity calculates from the 
secret key and published ID of the other party of its communications an encryption key to 
be shared by the entity and the other party. This system is referred to as an ID-based key 
sharing system, according to which identification of a communication party and key 
sharing can be simultaneously conducted. 

The ID-based key sharing system can be divided into two systems, that is, a 
system that requires spare communications prior to encryption communications and a 
system that does not require spare communications. The system that requires spare 
communications cannot be used like an e-mail system, etc. where only messages are 
encrypted to be transmitted. On the other hand, a system that does not require spare 
communications can be used like an e-mail system and therefore is more extensibly 
applicable. However, if many entities conspire in the system that does not require spare 
communications, the center's secret could be divulged. As a system that requires spare 
communications, a key distribution system by Okamoto (Sakae) is known well, whereas 
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i m tW Hoes not reauire spare communications, a key distribution system by 

T^c^^^ * of the public key cryptosystems, 

kevTie kept secret whereas n = (p • q) and the encrypuon key e (e • d =- .nod J - 1) 
ft - 1)) are made public. A source element g of the finite fields GF (p) and GF (q) is also 

5tt ftetoe of subscription to a network, each user j registers his (her) own identifier 
^ at The center and the center calculates and sends Sj = IDjd mod n to the user j. The 

S^SS^A S us-B^a key, the following communications and calculations i 

I ^Tu^A^Lrily chooses random number kA and sends CA = SA • gkA mod n to 

T-S^vL B arbitrarily chooses random number kB and sends CB = SB • gkB mod n to 

£ e Theutr B calculates y = (CAe/IDA) kB mod n (= ge ■ kA ■ kB mod n). 
iv. The user A calculates y = (CBe/lDB) kA mod n (= ge • kA • kB mod n). 

4) The users A and B conduct encryption communications, using y as a shared key. 

A master key corresponds to Sj in 2) and a work key corresponds to y in 3). Thus, 
Si in 2) is distributed in advance to each user and the processing/commumcations in 3) 
Srfesi^ communications concerning a key whereas the 

communication in 4) corresponds to encryption communications concerning data. 
FuXr, the user A and the user B correspond to the sender and the recipient m ftg. 5 
respectively. In the following explanation, it is assumed that each terminal .it |Fig. 5 
comorises a known ID-based key sharing means in addition to the means of toe 
SSodS!tT(the aforementioned Sj is normally managed by the ID-based key shanng 

First, when the user A conducts encryption/authentication communications with 
the user B, the user A first negotiates with the network over QOS by means of the 
embodiment 1 on the assumption that K is 2 and establishes a connection ofa togh 
quality QOS with the user B. Upon setting up the connection, the user A performs the 
DrocessiWcon^unications set forth in 3) with the user B by using the known ID-based 
KSS means, whereby the user A and the user B share their respective work key y 
and temporarily terminate the connection. Subsequently the user A negotia^s ^again with 
the network over QOS on the assumption that this time, K is 1 and establishes a 
conSon with the user B, which connection has QOS lower than the QOS for K ^bemg 2. 
Using the thus established connection, the user A conducts encryption communications 
with the user B by means of the work key y. 
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